CVS Interface Notes

Some random notes on the CVS interface, or, how to make proper usernames appear in CVS ID strings.

Bottom line is, it's hard. There are only two ways (as far as I know) to get your username into CVS:

The virtual user trick might work if it were possible to forward the plaintext password from a CGI, but Apache very sensibly strips it out of the environment before the CGI sees it. You could simply eliminate passwords, but then you wouldn't be able to make the pserver available off-site. Storing plaintext passwords in a database is not an option.

In any case, we can make password entries for the users, by copying them from the adduser and passwd CGI's while they're still in plaintext. This may or may not be useful: it doesn't look easy to protect parts of the repository separately against different virtual users.

On the other hand, you probably don't want to allow external, anonymous CVS access except on a developer site, in which case the developers would have real ssh access and there's no need to protect parts of the tree anyway.

So here are the viable options, as I see them. Note that most -- maybe all -- require that the Combo server do the actual permission-checking, and then do something a little sleazy to pass the Combo UserName to CVS.

I rather like private password files, but it's complicated and requires making frequent changes to the global passwd file. Single and descriptive virtual users are simpler; all three allow the repository to live on another machine where it can be made available via ssh if desired. Descriptive virtual user has the virtue of putting a little extra information into the CVS Id string.

Note that we can password-protect the various virtual users and even change their passwords frequently if desired.

Bottom line: descriptive virtual user looks like the winner. Eventually Subversion may make all this irrelevant, but I'm not going to hold my breath.


$Id: cvs.html,v 1.2 2002/06/05 06:59:47 steve Exp $
Stephen R. Savitzky <steve@theStarport.org>